ajalboush
asked on
Generate new doamin users passwords ?
we are migrating our domain from 2000 to 2003, we have created new users accounts and now we need to generate new random passwords for the users?
is there a tool.. script... that can be used to create the random password for the users, since i do not want to reset them all to a common password .
i need to have for each user random password ?
is there a tool.. script... that can be used to create the random password for the users, since i do not want to reset them all to a common password .
i need to have for each user random password ?
ASKER
no,
I need to a tool that can be connected to the domain so it take form there the user names and generates new passwords for them then it prints the output which is should be the user name which is taken from the active directory and the password?
I need to a tool that can be connected to the domain so it take form there the user names and generates new passwords for them then it prints the output which is should be the user name which is taken from the active directory and the password?
Do all the users exist already? And are they in a specific place in AD?
I would guess you don't want to just change passwords for absolutely every account as that would include any administrative accounts or service accounts.
Anyway, it's not really very tricky to do, and while I'm sure my password generators aren't really very efficient they will do the job.
Chris
Oh yes, and any requirements for the passwords? Complexity?
Chris
File.bat:
@echo off
SETLOCAL
FOR /F "delims=" %%i in (file.txt) do call file2.bat %%i
File2.bat:
set password=%TIME:~-2%%TIME:~
net user %1 %password% /domain
echo Password for %1 is %password%>Passwords.txt
it will use the seconds and the milliseconds to create 8 digit password.
save both files (as file.bat and file2.bat and all user names in file.txt) the output off all users and passwords will be in Passwords.txt
and if you ask how to load all user names in the file.txt file do it like this:
go to Active Directory Users and Computers and select your main user container and go to the Action Menu and choose export list option, exports it to csv, after you finished exporting it you can open the file in excel, copy the users column and past it and a text file (file.txt).
Please ask if you need any further assistance.
go to Active Directory Users and Computers and select your main user container and go to the Action Menu and choose export list option, exports it to csv, after you finished exporting it you can open the file in excel, copy the users column and past it and a text file (file.txt).
Please ask if you need any further assistance.
Oh, and after all files have been saved to the same directory just run the file.bat to start the process.
ASKER
the users are created and are already exit in specific ou in the AD.
It doesn't matter, so it will only change their passwords, if the user was on the list and is not currently on the ad it will create it.
all using the NET USER command.
all using the NET USER command.
ASKER
okay, is this will applied inside the domain, I mean that i have the users already created, and i need the generated password to be changed inside the domain then i need the output ?
ASKER
about the comlexity it does not matter since i can change the policy.
Yes, you need to be logged on as the domain admin to make it run, and the output will be on the file Passwords.txt file of which passwords belongs to which user, you will need the output for giving users their passwords.
and just a little fix:
echo Password for %1 is %password%>Passwords.txt
change it to:
echo Password for %1 is %password%>>Passwords.txt
and just a little fix:
echo Password for %1 is %password%>Passwords.txt
change it to:
echo Password for %1 is %password%>>Passwords.txt
This is a VbScript to change the passwords for everyone within that OU to semi-complex passwords. It will need saving as .vbs and you will need to fix the OU_PATH constant (the generator is definately not the most efficient). The password it sets, the username and the users name are written to a text file called Passwords.txt.
If you want to test it before using it then add a ' in front of "objUser.SetPassword strPassword" and it'll show you what it would have done.
HTH
Chris
' If the User Accounts are in the default Users OU then the path is CN=Users,. Please ensure the trailing comma is in place.
Const OU_PATH = "OU=YourOU,OU=SomeOtherOU,
Function GeneratePassword()
Dim intUCharCount, intLCharCount, intNumCount, intPassLen, intRNumber
Dim strChar, strPass
Const PASSWORD_LENGTH = 8
intUCharCount = 0
intLCharCount = 0
intNumCount = 0
intPassLen = 0
Do while intPassLen < PASSWORD_LENGTH
Randomize()
intRNumber = Int(123 * Rnd() + 1)
If (intRNumber > 64) and (intRNumber < 91) Then
If (intUCharCount <= 3) Then
strChar = Chr(intRNumber)
strPass = strPass & strChar
intUCharCount = intUCharCount + 1
intPassLen = intPassLen + 1
End If
End If
If (intRNumber > 96) and (intRNumber < 123) Then
If (intLCharCount <= 3) Then
strChar = Chr(intRNumber)
strPass = strPass & strChar
intLCharCount = intLCharCount + 1
intPassLen = intPassLen + 1
End If
End If
If (intNumCount <= 2) Then
Randomize()
intRNumber = Int(9 * Rnd() + 1)
strChar = CStr(intRNumber)
strPass = strPass & strChar
intNumCount = intNumCount + 1
intPassLen = intPassLen + 1
End If
Loop
GeneratePassword = strPass
End Function
Set objFileSystem = CreateObject("Scripting.Fi
Set objFile = objFileSystem.CreateTextFi
Set objRootDSE = GetObject("LDAP://RootDSE"
Set objOU = GetObject("LDAP://" & OU_PATH & objRootDSE.Get("defaultNam
Set objRootDSE = Nothing
objOU.Filter = Array("user")
For Each objUser in objOU
strPassword = GeneratePassword()
objFile.WriteLine objUser.Get("sAMAccountNam
objUser.SetPassword strPassword
Next
ASKER
I did not understand the last step for what ?
To who you did refer the last question?
ASKER
thanx tomerlei,
what if i want to make the password complex, i used the bat file but it always generate numbers, i need it complex ?
what if i want to make the password complex, i used the bat file but it always generate numbers, i need it complex ?
ASKER
thanx tomerlei, can you answer me quickly ?
what if i want to make the password complex, i used the bat file but it always generate numbers, i need it complex ?
what if i want to make the password complex, i used the bat file but it always generate numbers, i need it complex ?
If you need it complex then you need to use something more capable than Batch Files.
The script I posted will create Complex passwords, the only reason I refer to them as semi-complex is that i never wrote in functionality to create passwords with symbols in ($, %, !, @, etc). However, it will provide enough of a mixture of uppercase, lowercase and numeric to qualify as complex.
HTH
Chris
Although saying that I'm sure you could do it in Batch, and I'm sure someone has before, may have been oBdA.
Chris
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You may check this tool
http://www.winguides.com/security/password.php
Cheers!